CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2018-6755 – True Key (TK) Windows Client - Weak Directory Permission Vulnerability
https://notcve.org/view.php?id=CVE-2018-6755
06 Dec 2018 — Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. Vulnerabilidad de permisos débiles de directorio en el cliente de Microsoft Windows en McAfee True Key (TK) 5.1.230.7 permite que usuarios locales ejecuten código arbitrario mediante malware especialmente manipulado. McAfee True Key version 5.1.173.1 on Windows 10 1809 has multiple issues in the implementation of the McA... • https://packetstorm.news/files/id/150733 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-16359
https://notcve.org/view.php?id=CVE-2018-16359
02 Sep 2018 — Google gVisor before 2018-08-23, within the seccomp sandbox, permits access to the renameat system call, which allows attackers to rename files on the host OS. Google gVisor en versiones anteriores al 2018-08-23, en el sandbox seccomp, permite el acceso a la llamada del sistema renameat, que permite que los atacantes renombren archivos en el sistema operativo host. • https://bugs.chromium.org/p/project-zero/issues/detail?id=1632 •
CVSS: 9.8EPSS: 5%CPEs: 16EXPL: 3CVE-2017-11282 – Adobe Flash - Out-of-Bounds Read in applyToRange
https://notcve.org/view.php?id=CVE-2017-11282
14 Sep 2017 — Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en el analizador sintáctico de átomos MP4. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-6956
https://notcve.org/view.php?id=CVE-2017-6956
05 Apr 2017 — On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer overflow occurs when handling an 802.11r (FT) authentication response, leading to remote code execution via a crafted access point that sends a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE). En el Broadcom Wi-Fi HardMAC SoC con firmware fbt, se produce un desbordamiento del búfer de la pila al manejar una respuesta de autenticación 802.11r (FT), que conduce a la ejecución remota de código a través de un punto de ac... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 6CVE-2017-0358 – ntfs-3g: Modprobe influence vulnerability via environment variables
https://notcve.org/view.php?id=CVE-2017-0358
02 Feb 2017 — Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. ... Jann Horn, de Google Project Zero, descubrió que NTFS-3G, un controlador NTFS de lectura-escritura para FUSE, no limpia en profundidad el entorno antes de ejecutar modprobe con privilegios elevados. • https://packetstorm.news/files/id/141882 • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 95%CPEs: 54EXPL: 1CVE-2017-3823 – Cisco WebEx Chrome Extension Remote Command Execution
https://notcve.org/view.php?id=CVE-2017-3823
01 Feb 2017 — An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. ... Se descubrió un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Pluging Container en versiones anter... • https://bugs.chromium.org/p/project-zero/issues/detail?id=1096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 2CVE-2016-6772 – Google Android - WifiNative::setHotlist Stack Overflow
https://notcve.org/view.php?id=CVE-2016-6772
22 Dec 2016 — An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2016-6707 – Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
https://notcve.org/view.php?id=CVE-2016-6707
25 Nov 2016 — An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622. Una vulnerabilidad de elevación de privilegio en System Server en Android 6.x en versiones ante... • https://bugs.chromium.org/p/project-zero/issues/detail?id=928 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 52%CPEs: 17EXPL: 3CVE-2016-4230 – Adobe Flash - MovieClip Transform Getter Use-After-Free
https://notcve.org/view.php?id=CVE-2016-4230
13 Jul 2016 — Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.36... • https://bugs.chromium.org/p/project-zero/issues/detail? • CWE-416: Use After Free •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 2CVE-2015-7893 – Samsung SecEmailUI - Script Injection
https://notcve.org/view.php?id=CVE-2015-7893
07 Feb 2016 — SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. SecEmailUI en Samsung Galaxy S6 no desinfecta el contenido de correo electrónico HTML, permite a los atacantes remotos ejecutar JavaScript arbitrario. The default Samsung email client's email viewer and composer (implemented in SecEmailUI.apk) doesn't sanitize HTML email content for scripts before rendering the data inside a WebView. This allows an attacker to execute arbitrary Java... • https://bugs.chromium.org/p/project-zero/issues/detail?id=494&q=samsung&redir=1 • CWE-20: Improper Input Validation •